Conducted by Javelin Strategy & Research (@JavelinStrategy) and
commissioned by Identity Finder (@IdentityFinder), the newly-released
report reveals that a disturbingly high rate of customers who received
data breach notifications in 2012 were also victims of identity fraud.
Javelin’s study also reveals payment card and Social Security number
data breach victims suffer the highest rates of related fraud. The study
examines three high-risk industries: retail, financial and healthcare,
and also provides best-practice advice for sensitive data management.

According to the study, retailers will remain prime targets for payment
card breaches and fraud as long as payment cards remain a commonly
accepted and popular payment method. Financial institutions will
continue to be top targets because of large amounts of client data they
store, including account information and payment card data. The
healthcare industry’s move to digitize protected health information
(PHI) through electronic health records holds the potential to reduce
costs for healthcare organizations. However, that renders PHI vulnerable
to data breaches and could increase costs for healthcare organizations,
if not properly managed.

Among those consumers that were notified of breaches in 2012, Javelin
found the following:

4.4 million Americans were both notified that their payment card
information was compromised in a data breach and suffered fraud on
their existing credit or debit cards.

1.26 million Americans were both notified that their Social Security
numbers (SSN) were compromised in a data breach and became victims of
identity fraud.

270 thousand Americans were both notified that their online banking
credentials were compromised in a data breach and suffered fraud on
their financial accounts, including checking and savings accounts.

324 thousand Americans were both notified that their bank account
numbers were compromised in a data breach and became victims of fraud
incurred against their checking, savings or other financial accounts.

“By breaching the data stores of businesses in the financial, healthcare
and retail industries, criminals can obtain the fuel they need to
execute various fraud schemes, and these crimes have crippling
consequences,” said Al Pascual, Senior Analyst of Security, Risk and
Fraud at Javelin Strategy & Research. “Identifying and protecting the
sensitive information typically stored by these industries is essential
for mitigating the risk of a data breach and, therefore, the risk of
financial loss to data custodians, consumers and third-party businesses.”

To protect data-at-rest from compromise and subsequent misuse, Javelin
recommends ongoing risk assessments for the financial industry,
healthcare organizations (including their business associates) and
retailers. For these assessments to be successful, businesses should do
the following:

Locate and identify sensitive data. Sensitive data is any data
that has value to the organization or can expose them to risk if
compromised. Sensitive data should include consumer bank account
information, payment card data, SSNs and other types of personally
identifiable information (PII), as well as trade secrets.

Classify sensitive data accordingly. Categorize the information
using a naming convention appropriate to the organization. This step
can ease efforts to control the access, routing and storage of
different types of data.

Secure data based on risk profile. Deploy security measures
commensurate to the risks associated with the loss of respective
categories of data.

Identity Finder, LLC, based in New York, NY, is the leader in sensitive
data management. Its security and privacy technologies provide
businesses and consumers the ability to prevent data leakage and
identity theft.